GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Moderate
CVE-2024-4435
was published
for
ic-stable-structures
(Rust)
May 21, 2024
Tor path lengths too short when "full Vanguards" configured
Moderate
CVE-2024-35313
was published
for
arti
(Rust)
May 18, 2024
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Moderate
CVE-2024-34353
was published
for
matrix-sdk-crypto
(Rust)
May 13, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Moderate
GHSA-mc39-h54g-pvw6
was published
for
libdav1d-sys
(Rust)
Apr 5, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Moderate
CVE-2024-1765
was published
for
quiche
(Rust)
Mar 13, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
*const c_void / ExternalPointer unsoundness leading to use-after-free
Moderate
CVE-2024-27934
was published
for
Deno
(Rust)
Mar 6, 2024
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Moderate
CVE-2024-27932
was published
for
deno
(Rust)
Mar 6, 2024
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64
Moderate
GHSA-3xc6-7h59-j2x4
was published
for
eza
(Rust)
Mar 6, 2024
•
withdrawn
Insufficient permission checking in `Deno.makeTemp*` APIs
Moderate
CVE-2024-27931
was published
for
deno
(Rust)
Mar 5, 2024
Uncaught Exception in Macro Expecting Native Function to Exist
Moderate
GHSA-6wr5-jmpr-mjcx
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception Handling Parsing Errors on Line Terminators
Moderate
GHSA-8xff-473h-f863
was published
for
surrealdb
(Rust)
Feb 21, 2024
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
Svix vulnerable to improper comparison of different-length signatures
Moderate
GHSA-w277-wpqf-rcfv
was published
for
svix
(Rust)
Feb 6, 2024
Nervos CKB Permit load cell data from memory
Moderate
GHSA-29c2-65rj-h343
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Moderate
GHSA-h4c3-5275-vrmg
was published
for
ckb
(Rust)
Feb 3, 2024
Use after free in libpulse-binding
Moderate
GHSA-f56g-chqp-22m9
was published
for
libpulse-binding
(Rust)
Feb 3, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Moderate
GHSA-r9rv-9mh8-pxf4
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference
Moderate
GHSA-q669-2vfg-cxcg
was published
for
ckb
(Rust)
Feb 2, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
Unauthenticated Nonce Increment in snow
Moderate
GHSA-7g9j-g5jg-3vv3
was published
for
snow
(Rust)
Jan 24, 2024
ProTip!
Advisories are also available from the
GraphQL API